Tech & Cybersecurity Risk Lead

**About the Team**:
You will join the dynamic Tech and Cyber Risk Governance team, operating as a vital second line of defence (2LoD) function. We are the dedicated guardians of GXS Bank's digital resilience, responsible for establishing, maintaining, and overseeing robust governance frameworks to effectively manage technology, cybersecurity, and related third-party risks across the Bank and subsidiaries. With a footprint in the region, our team plays a pivotal role in identifying, assessing, mitigating, and monitoring technology and cyber risks, whether they originate from internal projects, existing systems, or external partnerships. We collaborate extensively across Technology, Operations, Business Units, and other control functions to ensure the Bank and subsidiaries operate securely, comply with regulatory requirements, and confidently pursue innovative goals. We champion a proactive risk culture and value deep expertise, critical thinking, continuous improvement, and technical proficiency in developing and enhancing our GRC capabilities.

**Key Responsibilities**:
As a senior member of the Tech and Cyber Risk Governance team, you will play a key role in shaping and executing the Bank's strategy for managing technology and cyber risk. Your expertise is crucial for safeguarding the Bank's resilience, ensuring regulatory compliance, and enabling secure innovation across the region, with a strong emphasis on technical risk assessment across diverse initiatives and developing our ServiceNow GRC platform.

1. Governance, Risk Framework & Acceptance:

- Develop, implement, and maintain the Bank's comprehensive technology and cyber risk frameworks, policies, and standards, ensuring alignment with regulatory requirements (MAS TRM & Outsourcing Guidelines, etc.) and best practices.
- Drive adherence to these frameworks and standards across business and technology functions for both internal projects and third-party engagements.
- Oversee and perform formal risk assessments and manage the risk acceptance process according to Bank policies and risk appetite.

2. Risk Assessment & Management:

- Drive technology and cyber cyber key metrics (Key Risk Indicators (KRIs), etc.) definition and reporting against the Bank's risk appetite.
- Contribute to and oversee aspects of the Third Party Risk Management (TPRM) process from a technical security perspective, as part of a holistic risk management approach.
- Assess the design and operating effectiveness of technology and cyber controls within internal environments and third-party services, determine residual risks arising from control failures, and recommend necessary remediation actions.
- Maintain a risk register of all residual risk acceptances with implications for technology and cyber risks.
- Proactively track and monitor the implementation of agreed-upon technology and cyber risk mitigation measures and conduct effectiveness reviews to ensure risk reduction to acceptable levels.
- Engage in technology and cyber risk governance activities through regular participation in and reporting updates to committees, managements, and working groups as required.

3. Technical Security Solutions & GRC Platform Development:

- Conduct in-depth technical validation of security controls, architecture, and evidence for both internal systems/projects and third-party solutions (SOC 2 & ISO reports, pen test reports, architectural diagrams, code review summaries etc.).
- Plan, lead, and execute technical security assessments, including potential onsite reviews for critical internal systems or third-party locations; document findings and drive remediation.
- Lead the design, development, configuration, and enhancement of GRC solutions, particularly within the ServiceNow GRC module (e.g., Policy and Compliance, Risk Management, Vendor Risk Management), to automate and improve risk management processes, reporting, and workflows.
- Utilize technical development skills (e.g., scripting, API integration, light development) to build and maintain custom GRC functionalities, integrations with other security tools, and dashboards within ServiceNow or other supporting platforms.
- Design and enhance technical assessment methodologies, tooling, and procedures; explore/evaluate GenAI tools to improve assessment efficiency and depth.
- Identify, analyze, document technical risks/gaps; collaborate on and track effective remediation plans.

4. Stakeholder Engagement & Regulatory Compliance:

- Serve as a key technical security SME for tech and cyber risk matters, providing pragmatic guidance to internal project teams, technology owners, and business units.
- Collaborate with stakeholders (Procurement, Legal, Technology, Business Units, etc.) to embed security requirements into project lifecycles, internal development processes, and third-party contracts.
- Manage tech/cyber regulatory obligations, track compliance, report non-conformities, and support incident reporting.
- Provide mentorship and u